
6239 matches found

Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-16921 · WordPress · Smart Popup Blaster

Name of the Vulnerable Software and Affected Versions: Smart PopUp Blaster plugin for WordPress versions up to, and including, 1.4.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode due to insufficient input sanitization and output escaping ...

CVSS 6.4 · AI score 6.2 · EPSS 0.00249
Exploits 0 · References 6

Patchstack
added 2024/12/05 10:19 p.m. · 2 views

WordPress Broadcast plugin <= 51.01 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Broadcast versions <= 51.01...

CVSS 6.1 · AI score 6.3 · EPSS 0.00312
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/12/05 12:0 a.m. · 2 views

WordPress plugin WIP WooCarousel Lite cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 7.7 · EPSS 0.00312
Exploits 0 · References 4

Positive Technologies
added 2024/11/30 12:0 a.m. · 5 views

PT-2024-35886 · WordPress · Sparkle Wp Sparkle Elementor Kit

Name of the Vulnerable Software and Affected Versions: Sparkle WP Sparkle Elementor Kit versions through 2.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This is a Cross-site...

CVSS 6.5 · AI score 6.7 · EPSS 0.00277
Exploits 0 · References 5

Patchstack
added 2024/11/26 7:33 a.m. · 3 views

WordPress Everest Forms plugin < 3.0.4.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions < 3.0.4.2...

CVSS 4.8 · AI score 6.1 · EPSS 0.00362
Exploits 1 · References 1 · Affected Software 1

Patchstack
added 2024/11/26 12:0 a.m. · 8 views

WordPress Everest Forms Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)

Software: Everest Forms; Type: Plugin; Vulnerable versions: < 3.0.4.2; Fixed in: 3.0.4.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10471; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 675cfcd37990; Credits: Dmitrii Ignatyev; Requir...

CVSS 4.8 · AI score 6 · EPSS 0.00362
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/11/26 12:0 a.m. · 6 views

PT-2024-35795 · Spip · Spip

Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: A cross-site scripting XSS vulnerability in the Article module of SPIP allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. This...

CVSS 4.8 · AI score 5.4 · EPSS 0.00422
Exploits 1 · References 9

OSV
added 2024/11/25 7:15 p.m. · 3 views

CVE-2024-51723

A Stored Cross-Site Scripting XSS vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session...

CVSS 4.6 · AI score 5.8 · EPSS 0.00266
Exploits 0 · References 1

Patchstack
added 2024/11/22 3:39 p.m. · 2 views

WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Kevin's versions <= 2.0.0...

CVSS 7.1 · AI score 6.2 · EPSS 0.00173
Exploits 0 · Affected Software 1

OSV
added 2024/11/20 9:15 p.m. · 1 view

CVE-2024-48531

A reflected cross-site scripting XSS vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

CVSS 5.4 · AI score 6 · EPSS 0.0036
Exploits 1 · References 1

Positive Technologies
added 2024/11/20 12:0 a.m. · 3 views

PT-2024-39635 · WordPress · F4 Improvements

Name of the Vulnerable Software and Affected Versions: F4 Improvements plugin for WordPress versions up to, and including, 1.9.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 · AI score 7.9 · EPSS 0.0038
Exploits 0 · References 5

OSV
added 2024/11/19 5:15 p.m. · 1 view

CVE-2024-50514

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.16...

CVSS 4.8 · AI score 5.8 · EPSS 0.0038
Exploits 0 · References 1

Cvelist
added 2024/11/19 4:32 p.m. · 34 views

CVE-2024-51637 WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS. This issue affects Admin SMS Alert: from n/a through <= 1.1.0...

CVSS 7.1 · EPSS 0.00194
Exploits 0 · References 1

Vulnrichment
added 2024/11/19 4:32 p.m. · 8 views

CVE-2024-51637 WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS. This issue affects Admin SMS Alert: from n/a through <= 1.1.0...

CVSS 7.1 · AI score 5.9 · EPSS 0.00194
Exploits 0 · References 1

Positive Technologies
added 2024/11/19 12:0 a.m. · 2 views

PT-2024-34330 · Unknown · Endomondowp

Name of the Vulnerable Software and Affected Versions: EndomondoWP versions 0.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For EndomondoWP...

CVSS 6.5 · AI score 5.8 · EPSS 0.00341
Exploits 0 · References 3

Positive Technologies
added 2024/11/19 12:0 a.m. · 2 views

PT-2024-35001 · Unknown · Luzuk Team

Name of the Vulnerable Software and Affected Versions: Luzuk Team versions 0.1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the website,...

CVSS 6.5 · AI score 5.9 · EPSS 0.00302
Exploits 0 · References 3

Cvelist
added 2024/11/18 11:53 a.m. · 25 views

CVE-2024-11319 Stored XSS in Open Source Project "django-cms"

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS. This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

CVSS 4.8 · EPSS 0.00493
Exploits 1 · References 5

Patchstack
added 2024/11/18 12:0 a.m. · 16 views

WordPress Awesome Studio Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software: Awesome Studio; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52456; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 83cb8daf8eb9; Credits: Le Ngoc Anh; Required privilege...

AI score 6.5 · EPSS 0.00333
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/11/15 3:27 p.m. · 18 views

CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This...

CVSS 4.8 · AI score 5.6 · EPSS 0.00381
Exploits 1 · References 2

Cvelist
added 2024/11/15 3:26 p.m. · 23 views

CVE-2024-49759 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "billname" parameter when creating a new bill. This vulnerability can...

CVSS 4.8 · EPSS 0.00402
Exploits 1 · References 2